package main
import (
"context"
"log"
"time"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/kms"
"github.com/golang-jwt/jwt/v5"
"github.com/matelang/jwt-go-aws-kms/v2/jwtkms"
)
// keyID is the identifier of the AWS KMS key that main passes to
// jwtkms.NewKMSConfig for signing and verifying the token. It is hard-coded
// for this example; replace it with the ID of a key in your own account.
// NOTE(review): with SigningMethodECDSA256 the key is presumably expected to be
// an asymmetric ECC P-256 signing key; confirm against the jwtkms docs.
const keyID = "aa2f90bf-f09f-42b7-b4f3-2083bd00f9ad"
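// main signs a JWT with a key held in AWS KMS and then parses and verifies the
// resulting token with the same KMS configuration.
//
// Verification pins the accepted signing algorithm, issuer and audience, and
// requires an expiry claim, so a token that merely carries a valid signature
// from this key is not accepted unless it was issued for this API.
func main() {
	// The issuing and verifying sides share these values so they cannot drift apart.
	const (
		issuer   = "sso.example.com"
		audience = "api.example.com"
	)

	ctx := context.Background()

	awsCfg, err := config.LoadDefaultConfig(ctx, config.WithRegion("eu-central-1"))
	if err != nil {
		// Same failure style as the other errors below, instead of a panic with a stack trace.
		log.Fatalf("can not load AWS config %s", err)
	}

	now := time.Now()
	jwtToken := jwt.NewWithClaims(jwtkms.SigningMethodECDSA256, &jwt.RegisteredClaims{
		Audience:  jwt.ClaimStrings{audience},
		ExpiresAt: jwt.NewNumericDate(now.Add(24 * time.Hour)),
		ID:        "1234-5678",
		IssuedAt:  jwt.NewNumericDate(now),
		Issuer:    issuer,
		NotBefore: jwt.NewNumericDate(now),
		Subject:   "john.doe@example.com",
	})

	// NOTE(review): the final argument appears to select whether verification is
	// delegated to KMS (false here); confirm against the jwtkms documentation.
	kmsConfig := jwtkms.NewKMSConfig(kms.NewFromConfig(awsCfg), keyID, false)

	str, err := jwtToken.SignedString(kmsConfig.WithContext(ctx))
	if err != nil {
		log.Fatalf("can not sign JWT %s", err)
	}

	// The signed token is a bearer credential valid for 24 hours. It is printed
	// here only for demonstration; real services should keep tokens out of logs.
	log.Printf("Signed JWT %s\n", str)

	claims := jwt.RegisteredClaims{}
	_, err = jwt.ParseWithClaims(str, &claims,
		// The key function returns the KMS config whatever the token header says,
		// so the accepted algorithm is pinned by WithValidMethods below.
		func(token *jwt.Token) (any, error) {
			return kmsConfig, nil
		},
		jwt.WithValidMethods([]string{jwtkms.SigningMethodECDSA256.Alg()}),
		jwt.WithIssuer(issuer),
		jwt.WithAudience(audience),
		jwt.WithExpirationRequired(),
	)
	if err != nil {
		log.Fatalf("can not parse/verify token %s", err)
	}

	log.Printf("Parsed and validated token with claims %v", claims)
}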